Note: The following apache modules have been renamed by Apache.
Authn/Authz
Some Modules have been renamed and offer better support for digest authentication. For example, mod_auth is now split into mod_auth_basic and mod_authn_file; mod_auth_dbm is now called mod_authn_dbm; mod_access has been renamed mod_authz_host. There is also a new mod_authn_alias module for simplifying certain authentication configurations

Important Notes:
I use xampp for all my webhosting needs, and store it in C:xampp
Get xampp from www.apachefriends.org
Make sure that directory C:xamppApachebin is specified under the System Path variable. We will use a program named htpasswd.exe, that is contained under the mentioned directory, to create a password file for the specified users.
Create the protected Directory
This section will show you how to create directory “lordmwesh” outside the Web-Server’s webroot directory “C:xampphtdocs” using the command prompt.

Open the Windows command-shell via Start » Run… cmd.exe

Change to the drive letter of your Web-Server Suite’s root directory (this is the drive you installed the Web-Server Suite under; for this example we will use drive “C:”)…

…> C:

Change to the path of your Web-Server Suite’s root directory (for this example we will use path “xampp”)…

C:…> cd xampp

Create the directory you want to restrict access to with a user/password prompt (we will create directory named “lordmwesh”)…

C:xampp> mkdir lordmwesh

Change to your newly created directory…

C:xampp> cd lordmwesh

Create user/password file
Continuing from the previous section, we are now ready to use htpasswd.exe to create a file named “.htpasswd”: this file will contain user names with their respective passwords (the passwords will be encrypted before placed under the file).

This 1st line (with switch “-c” — that will not be repeated in the following lines) will create a file named .htpasswd under the current directory (C:xampplordmwesh). The password given will be encrypted by the htpasswd.exe program (due to the “-m” switch — MD5 encryption).

User named “user1” with password “passuser1” is specified 1st…

C:xampplordmwesh> htpasswd -cmb .htpasswd user1 passuser1

Add user named “user2” with password “passuser2” to the .htpasswd file…

C:xampplordmwesh> htpasswd -mb .htpasswd user2 passuser2

Add user named “raila” with password “kibaki” to the .htpasswd file…

C:xampplordmwesh> htpasswd -mb .htpasswd raila kibaki

Configuration — httpd.conf
We can now edit Apache’s httpd.conf file to bring everything together.

Edit file C:xamppapacheconfhttpd.conf

———————-
Make sure that the following two ‘LoadModule’ lines are uncommented, by removing the beginning “#” character…
(These ‘LoadModule’ lines should already be uncommented, by default). This is for
Note that those using Apache1, and Apache2 should check for the correct Module file requred. Apache1 use mod_access.so. Apache2 use mod_authz_host.so

LoadModule access_module modules/mod_access.so #Line 1 for those using Apache1
LoadModule authz_host_module modules/mod_authz_host.so #ine 1 for those using Apache2
LoadModule alias_module modules/mod_alias.so
Uncomment the following two ‘LoadModule’ lines, by removing the beginning “#” character…
(The 1st line is required for directive ‘AuthUserFile’)
(The 2nd line is required for directive ‘Options Indexes’: to display the index of a directory)

LoadModule auth_module modules/mod_auth.so
LoadModule autoindex_module modules/mod_autoindex.so
———————-

Insert code…


Order allow,deny
Deny from all

Alias /lordmwesh “/xampp/lordmwesh”


Order allow,deny
Allow from all

Options Indexes
AuthType Basic
AuthName “Private Access”
AuthUserFile “/xampp/lordmwesh/.htpasswd”
Require valid-user

Save file and Restart Apache…
(from the command prompt type the following)

> net stop Apache
> net start Apache
Test protected Directory
Access http://localhost/lordmwesh/

Enter one of the user/password combinations…
You should now see either the directory structure, or (if you have an index.htmlphp file under the accessed directory) your index file.

To [truly] logout as the user, you must close the browser window.

Advanced Configurations and Features
You can also grant/restrict access to the user/password protected directory with IP addresses…

Replace the original “” block with this updated version…
(or simply replace the first two lines of the original block)


Order deny,allow
Deny from All

Options Indexes
AuthType Basic
AuthName “Private Access”
AuthUserFile “/xampp/lordmwesh/.htpasswd”
Require valid-user

Below the line…

Require valid-user..add the following code…

Allow from 127.0.0.1
Satisfy Any
…if you access the protected area from your local system (IP address — 127.0.0.1), there will be no need to enter a user/password combination.
(Note that you can add multiple “Allow from ip-address” statements to grant access)

…by using the following code instead…

Allow from 127.0.0.1
Satisfy All
…you will have to access the protected area from your local system (IP address — 127.0.0.1) AND will need to enter a valid user/password combination.

——————
further reading
More links
http://httpd.apache.org/docs/2.0/programs/htpasswd.html
http://httpd.apache.org/docs/2.2/new_features_2_2.html#module
http://www.devside.net/articles/windows/password

Posted in apache
Share this post, let the world know

Leave a Reply

Your email address will not be published. Required fields are marked *